package com.wfbi.security.chapter13;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.StrictHttpFirewall;

/**
 * @author wfbi
 * @version 1.0
 * @date 2021/12/27 2:13 PM
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // 都是针对路径而不是参数
    @Bean
    HttpFirewall httpFirewall() {
        StrictHttpFirewall firewall = new StrictHttpFirewall();
        // 允许任何请求方法GET、POST ...
//        firewall.setUnsafeAllowAnyHttpMethod(true);
        // 地址栏能够被允许出现 ;
        firewall.setAllowSemicolon(true);
        // 路径中允许 //
//        firewall.setAllowUrlEncodedDoubleSlash(true);
        // 路径中允许 %
//        firewall.setAllowUrlEncodedPercent(true);
        // 允许请求地址中包含斜杠编码后的字符 %2F 或者 %2f
//        firewall.setAllowUrlEncodedSlash(true);
        // 允许请求地址中包含反斜杠 \ 或者反斜杠编码后的字符 %5C 或者 %5c
//        firewall.setAllowBackSlash(true);
        // 允许请求地址中存在 . 编码之后的字符 %2e、%2E
//        firewall.setAllowUrlEncodedPeriod(true);
        return firewall;
    }
}
